Audit Your Struts Configuration Files to Avoid JAAS Errors

he Struts Web application framework facilitates building robust Web applications. Java Authentication and Authorization Services (JAAS) is a rich API for adding pluggable security modules to applications. These powerful services work well together, however, their combination can also add some complexity to maintenance and enhancement tasks. Maintaining synchronization between an application's Struts configuration file(s) mappings and the JAAS security framework policy file can be a challenge.

As the size and complexity of your site increases and the number of people contributing expands, it is possible (even probable) that the site's configuration files will get out of synch. One common scenario is that a developer might add a page to the policy file in his test environment and then inadvertently fail to commit the updated file to source control. Alternatively, perhaps a colleague's merge overwrites your updates to the policy file that support a new page. Inserting an automated utility into your build process to alert you when configuration files aren't in synch is far better than your help desk getting calls from frustrated users who can't access pages that were formerly available to them.